PDF Preview:
| PDF Title : | Practical Malware Analysis |
|---|---|
| Total Page : | 802 Pages |
| Author: | Andrew Honig |
| PDF Size : | 7.7 MB |
| Language : | English |
| Rights : | nostarch.com |
| PDF Link : | Available |
Summary
Here on this page, we have provided the latest link for Practical Malware Analysis PDF. Please feel free to it on your computer/mobile. For further reference, you can go to nostarch.com
Practical Malware Analysis – Book
If you’re using the PhantOm plug-in, check the Load Driver and Hide OllyDbg Windows boxes to protect against this technique. Now load the program into OllyDbg, set a breakpoint at the strncmp call at 0x40123A, and add a command-line argument of abcd in OllyDbg before clicking the play button.
When you click play, the strncmp function appears to compare abcd to bzqrp@ss; however, strncmp checks only the first 4 bytes of the bzqrp@ss string. We conclude that the must be bzqr, but if we try that on the command line outside a debugger, we receive the incorrect error message.
We dig deeper into the code to determine if something else is going on. We begin by properly labeling the encoded string in the listing. The second parameter ed on the stack to strncmp is byte_408030 (a global variable), which we know to be a byte array of size 4. We change this into a 4-byte array and rename it encoded_.